APPARATUS AND METHOD FOR DEVICE WHITELISTING AND BLACKLISTING TO OVERRIDE PROTECTIONS FOR ALLOWED MEDIA AT NODES OF A PROTECTED SYSTEM

US 20170351870A1
Filed: 03/27/2017
Published: 12/07/2017
Est. Priority Date: 06/03/2016
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

at least one interface configured to be coupled to a peripheral device; and

at least one processing device configured to;

detect the peripheral device;

determine whether the peripheral device has been checked-in for use with at least the apparatus;

determine whether the peripheral device or a device type associated with the peripheral device has been whitelisted or blacklisted;

grant access to the peripheral device in response to at least one of;

determining that the peripheral device has been checked-in for use with at least the apparatus and has not been blacklisted; and

determining that the peripheral device or the device type has been whitelisted, even if the peripheral device has not been checked-in for use with at least the apparatus; and

block access to the peripheral device in response to at least one of;

determining that the peripheral device has not been checked-in for use with at least the apparatus and has not been whitelisted; and

determining that the peripheral device or the device type has been blacklisted, even if the peripheral device has been checked-in for use with at least the apparatus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes detecting a peripheral device at a protected node. The method also includes determining whether the peripheral device has been checked-in for use with at least the protected node and determining whether the peripheral device or a device type has been whitelisted or blacklisted. The method further includes granting access to the peripheral device in response to (i) determining that the peripheral device has been checked-in and has not been blacklisted or (ii) determining that the peripheral device or the device type has been whitelisted, even if the peripheral device has not been checked-in. In addition, the method includes blocking access to the peripheral device in response to (i) determining that the peripheral device has not been checked-in and has not been whitelisted or (ii) determining that the peripheral device or the device type has been blacklisted, even if the peripheral device has been checked-in.

64 Citations

View as Search Results

20 Claims

1. An apparatus comprising:
- at least one interface configured to be coupled to a peripheral device; and
  
  at least one processing device configured to;
  
  detect the peripheral device;
  
  determine whether the peripheral device has been checked-in for use with at least the apparatus;
  
  determine whether the peripheral device or a device type associated with the peripheral device has been whitelisted or blacklisted;
  
  grant access to the peripheral device in response to at least one of;
  
  determining that the peripheral device has been checked-in for use with at least the apparatus and has not been blacklisted; and
  
  determining that the peripheral device or the device type has been whitelisted, even if the peripheral device has not been checked-in for use with at least the apparatus; and
  
  block access to the peripheral device in response to at least one of;
  
  determining that the peripheral device has not been checked-in for use with at least the apparatus and has not been whitelisted; and
  
  determining that the peripheral device or the device type has been blacklisted, even if the peripheral device has been checked-in for use with at least the apparatus.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein:
    - the at least one processing device is further configured to update at least one of a whitelist and a blacklist; and
      
      the at least one processing device is configured to use at least one of the whitelist and the blacklist when determining whether the peripheral device or the device type has been whitelisted or blacklisted.
  - 3. The apparatus of claim 2, wherein the at least one processing device is configured to update at least one of the whitelist and the blacklist based on configuration data on the peripheral device.
  - 4. The apparatus of claim 1, wherein:
    - the at least one processing device is configured to determine whether the peripheral device or the device type has been whitelisted or blacklisted using at least one of;
      
      a whitelist and a blacklist; and
      
      each of the whitelist and the blacklist comprises one or more encrypted device parameters.
  - 5. The apparatus of claim 4, wherein the device parameters include at least one of:
    - one or more device types, one or more device models, one or more device vendors, and one or more device brands.
  - 6. The apparatus of claim 1, wherein:
    - the at least one processing device is configured to determine whether the peripheral device or the device type has been whitelisted using a whitelist; and
      
      the whitelist identifies at least one device type that is allowed to be used with at least the apparatus without requiring check-in, the at least one device type comprising at least one of;
      
      one or more keyboards, one or more mice, one or more biometric devices, and one or more security keys.
  - 7. The apparatus of claim 1, wherein the at least one processing device is further configured, after access to the peripheral device is granted, to:
    - determine whether a file on the peripheral device has been checked-in for use with at least the apparatus;
      
      grant meaningful access to the file on the peripheral device in response to determining that the file has been checked-in for use with at least the apparatus; and
      
      block meaningful access to the file on the peripheral device in response to determining that the file has not been checked-in for use with at least the apparatus.
  - 8. The apparatus of claim 1, wherein, to determine whether the peripheral device has been checked-in, the at least one processing device is configured to at least one of:
    - determine whether a file system of the peripheral device has been modified in an expected manner; and
      
      determine whether the peripheral device has an expected digital signature.

9. A method comprising:
- detecting a peripheral device at a protected node;
  
  determining whether the peripheral device has been checked-in for use with at least the protected node;
  
  determining whether the peripheral device or a device type associated with the peripheral device has been whitelisted or blacklisted;
  
  granting access to the peripheral device in response to at least one of;
  
  determining that the peripheral device has been checked-in for use with at least the protected node and has not been blacklisted; and
  
  determining that the peripheral device or the device type has been whitelisted, even if the peripheral device has not been checked-in for use with at least the protected node; and
  
  blocking access to the peripheral device in response to at least one of;
  
  determining that the peripheral device has not been checked-in for use with at least the protected node and has not been whitelisted; and
  
  determining that the peripheral device or the device type has been blacklisted, even if the peripheral device has been checked-in for use with at least the protected node.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, further comprising:
    - updating at least one of a whitelist and a blacklist used to determine whether the peripheral device or the device type has been whitelisted or blacklisted.
  - 11. The method of claim 10, wherein at least one of the whitelist and the blacklist is updated based on configuration data on the peripheral device.
  - 12. The method of claim 9, wherein:
    - determining whether the peripheral device or the device type has been whitelisted or blacklisted comprises using at least one of;
      
      a whitelist and a blacklist; and
      
      each of the whitelist and the blacklist comprises one or more encrypted device parameters.
  - 13. The method of claim 9, wherein:
    - determining whether the peripheral device or the device type has been whitelisted comprises using a whitelist; and
      
      the whitelist identifies at least one device type that is allowed to be used with at least the protected node without requiring check-in, the at least one device type comprising at least one of;
      
      one or more keyboards, one or more mice, one or more biometric devices, and one or more security keys.
  - 14. The method of claim 9, further comprising, after access to the peripheral device is granted:
    - determining whether a file on the peripheral device has been checked-in for use with at least the protected node;
      
      granting meaningful access to the file on the peripheral device in response to determining that the file has been checked-in for use with at least the protected node; and
      
      blocking meaningful access to the file on the peripheral device in response to determining that the file has not been checked-in for use with at least the protected node.
  - 15. The method of claim 9, wherein determining whether the peripheral device has been checked-in comprises at least one of:
    - determining whether a file system of the peripheral device has been modified in an expected manner; and
      
      determining whether the peripheral device has an expected digital signature.

16. A non-transitory computer readable medium containing instructions that, when executed by at least one processing device, cause the at least one processing device to:
- detect a peripheral device at a protected node;
  
  determine whether the peripheral device has been checked-in for use with at least the protected node;
  
  determine whether the peripheral device or a device type associated with the peripheral device has been whitelisted or blacklisted;
  
  grant access to the peripheral device in response to at least one of;
  
  determining that the peripheral device has been checked-in for use with at least the protected node and has not been blacklisted; and
  
  determining that the peripheral device or the device type has been whitelisted, even if the peripheral device has not been checked-in for use with at least the protected node; and
  
  block access to the peripheral device in response to at least one of;
  
  determining that the peripheral device has not been checked-in for use with at least the protected node and has not been whitelisted; and
  
  determining that the peripheral device or the device type has been blacklisted, even if the peripheral device has been checked-in for use with at least the protected node.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer readable medium of claim 16, further containing instructions that, when executed by the at least one processing device, cause the at least one processing device to:
    - update at least one of a whitelist and a blacklist used to determine whether the peripheral device or the device type has been whitelisted or blacklisted.
  - 18. The non-transitory computer readable medium of claim 17, wherein the update to at least one of the whitelist and the blacklist comprises a one-time update to the whitelist in order to allow the peripheral device to be used with the protected node once without requiring check-in of the peripheral device.
  - 19. The non-transitory computer readable medium of claim 16, wherein:
    - the instructions that when executed cause the at least one processing device to determine whether the peripheral device or the device type has been whitelisted or blacklisted comprise;
      
      instructions that when executed cause the at least one processing device to determine whether the peripheral device or the device type has been whitelisted or blacklisted using at least one of;
      
      a whitelist and a blacklist; and
      
      each of the whitelist and the blacklist comprises one or more encrypted device parameters.
  - 20. The non-transitory computer readable medium of claim 16, wherein:
    - the instructions that when executed cause the at least one processing device to determine whether the peripheral device or the device type has been whitelisted comprise;
      
      instructions that when executed cause the at least one processing device to determine whether the peripheral device or the device type has been whitelisted using a whitelist; and
      
      the whitelist identifies at least one device type that is allowed to be used with at least the protected node without requiring check-in, the at least one device type comprising at least one of;
      
      one or more keyboards, one or more mice, one or more biometric devices, and one or more security keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Knapp, Eric D., Boice, Eric T.

Granted Patent

US 10,402,577 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

G06F 21/71   to assure secure computing ...

G06F 21/85   interconnection devices, e....

H04L 63/0218   Distributed architectures, ...

H04L 63/101   Access control lists [ACL]

H04L 63/145   the attack involving the pr...

APPARATUS AND METHOD FOR DEVICE WHITELISTING AND BLACKLISTING TO OVERRIDE PROTECTIONS FOR ALLOWED MEDIA AT NODES OF A PROTECTED SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

64 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

APPARATUS AND METHOD FOR DEVICE WHITELISTING AND BLACKLISTING TO OVERRIDE PROTECTIONS FOR ALLOWED MEDIA AT NODES OF A PROTECTED SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others